06.13.06

Finished reading Beyond Fear last night – a very interesting book that anyone with an interest in their own security should read, and probably reread at regular intervals. Bruce is one of the foremost computer security experts in the world, with his canonical work Applied Crytopgraphy as one of the prime texts for any research in the area, and has applied the lessons learned in defending computer systems into the wider world of threat analysis, defense and countermeasures in a very readable and understandable manner.

The most interesting aspect, of course, is the discussion of defense against terrorism and what the best options are. It turns out that under analysis, most of the things we’re doing are wrong and probably reducing the security of our nations while the things we were already doing before 9/11 were the ones that have the most benefit in terms of discouraging terrorism. Now, that’s a huge paraphrase so I advise you to read the book and prove me wrong, but a some good examples are the following:

Consider what terrorism is about – the destruction of the morale of a target nation. We now have people reminding us continuously how much at risk we are of terror attacks and how much privicy and freedoms we need to give up to ensure our future safety. I’d consider that a nation well and truly terrorized, wouldn’t you? Compare this to the British response to decades of terrorism from the IRA – the media praised the even tempered responses from the government and certainly avoided the focus on death and destruction, definitely something the US media has absolutely no clue how to do.

Consider what happened on 9/11. The terrorists took several trial runs to make sure they could get on the planes unhindered. No amount of screening can avoid this sort of penetration testing – they can simply try with a new set of people until they find ways that work. This isn’t to say screening is bad, but it really doesn’t mitigate the risk of a determined terrorist. What it does do however is create large groups of people outside a security checkpoint – a very ripe target indeed for a terrorist wanting to cause a major amount of panic and complete loss of faith in the system. I can only dread the government response to that sort of attack – security checkpoints before the security checkpoints?

Consider that terrorism is rare. Astonishingly rare. You have more chance of dying from a bee sting than a terror attack. This includes the chance of terrorists getting nuclear weapons. Why are we spending $40 billion per year on terrorism prevention (that doesn’t include the Iraq war) and not on beesting prevention? The obvious answer is people don’t understand risks and so politicians are forced to act on something that is ultimately not an appreciable risk.

Consider the root causes of terrorism against a state – overwhelming negative sentiment leading to popular support of would-be attackers. America has successfully made itself less popular than ever before in history. While no one “deserves” a terror attack, you certainly don’t let your daughters walk alone in a dark alley wearing a miniskirt and then wonder why the nastier elements in society take advantage of her, why should international politics be different?

Consider that people would go to schools and drive their children home when the DC snipers were shooting people and yet the chances of dying in a car accident were significantly higher than being shot by a sniper.

Consider that people drive from fear of flying when driving is a much higher risk per passenger mile.

Entertaining isn’t it? And that’s only the start of what’s in the book, because the book goes on and discusses what has actually gone right in the “war on terror”, how we can make things better and how to become more informed on security risks as a whole and what they really mean to us.

Get the book. It’s well worth the $25 if you are remotely interested in your security.